Details of VAR-201405-0217

ID

VAR-201405-0217

CVE

CVE-2014-0526

TITLE

Windows and Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2014-002486

DESCRIPTION

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0522, CVE-2014-0523, and CVE-2014-0524. Adobe Acrobat and Reader are prone to an unspecified memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition. The following products are affected: Adobe Reader 11.x versions prior to 11.0.07 Adobe Reader 10.x versions prior to 10.1.10 Adobe Acrobat 11.x versions prior to 11.0.07 Adobe Acrobat 10.x versions prior to 10.1.10. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool

Trust: 2.07

sources: NVD: CVE-2014-0526 // JVNDB: JVNDB-2014-002486 // BID: 67370 // VULHUB: VHN-68019 // VULMON: CVE-2014-0526

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.3	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.2	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0.1	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.0	Trust: 1.9
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.9	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.6	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	10.1.8	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	10.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	11.0.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	10.x	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lt	version:	11.x	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	xi (11.0.07)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	x (10.1.10)	Trust: 0.8
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	10.0	Trust: 0.3

sources: BID: 67370 // JVNDB: JVNDB-2014-002486 // CNNVD: CNNVD-201405-251 // NVD: CVE-2014-0526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-0526
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-0526
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201405-251
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-68019
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-0526
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-0526
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-68019
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-68019 // VULMON: CVE-2014-0526 // JVNDB: JVNDB-2014-002486 // CNNVD: CNNVD-201405-251 // NVD: CVE-2014-0526

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-68019 // JVNDB: JVNDB-2014-002486 // NVD: CVE-2014-0526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-251

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201405-251

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002486

PATCH

title:	APSB14-15	url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 0.8
title:	APSB14-15	url:	http://helpx.adobe.com/jp/security/products/reader/apsb14-15.html	Trust: 0.8
title:	アドビシステムズ社 Adobe Reader の脆弱性に関するお知らせ	url:	http://www.fmworld.net/biz/common/adobe/20140515.html	Trust: 0.8
title:	radamsa-Fuzzer	url:	https://github.com/sunzu94/radamsa-Fuzzer	Trust: 0.1
title:	RADAMSA	url:	https://github.com/StephenHaruna/RADAMSA	Trust: 0.1
title:	radamsa	url:	https://github.com/Hwangtaewon/radamsa	Trust: 0.1
title:	radamsa	url:	https://github.com/benoit-a/radamsa	Trust: 0.1

sources: VULMON: CVE-2014-0526 // JVNDB: JVNDB-2014-002486

EXTERNAL IDS

db:	NVD	id:	CVE-2014-0526	Trust: 2.9
db:	JVNDB	id:	JVNDB-2014-002486	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-251	Trust: 0.7
db:	BID	id:	67370	Trust: 0.5
db:	VULHUB	id:	VHN-68019	Trust: 0.1
db:	VULMON	id:	CVE-2014-0526	Trust: 0.1

sources: VULHUB: VHN-68019 // VULMON: CVE-2014-0526 // BID: 67370 // JVNDB: JVNDB-2014-002486 // CNNVD: CNNVD-201405-251 // NVD: CVE-2014-0526

REFERENCES

url:	http://helpx.adobe.com/security/products/reader/apsb14-15.html	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0526	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20140514-adobereader.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2014/at140023.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0526	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/topics/?seq=13798	Trust: 0.8
url:	http://www.adobe.com/products/acrobat/	Trust: 0.3
url:	http://www.adobe.com	Trust: 0.3
url:	http://get.adobe.com/reader/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://www.securityfocus.com/bid/67370	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/sunzu94/radamsa-fuzzer	Trust: 0.1

sources: VULHUB: VHN-68019 // VULMON: CVE-2014-0526 // BID: 67370 // JVNDB: JVNDB-2014-002486 // CNNVD: CNNVD-201405-251 // NVD: CVE-2014-0526

CREDITS

Pedro Ribeiro from Agile Information Security, and Honglin Long.

Trust: 0.3

sources: BID: 67370

SOURCES

db:	VULHUB	id:	VHN-68019
db:	VULMON	id:	CVE-2014-0526
db:	BID	id:	67370
db:	JVNDB	id:	JVNDB-2014-002486
db:	CNNVD	id:	CNNVD-201405-251
db:	NVD	id:	CVE-2014-0526

LAST UPDATE DATE

2024-11-23T23:02:49.284000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-68019	date:	2014-05-14T00:00:00
db:	VULMON	id:	CVE-2014-0526	date:	2014-05-14T00:00:00
db:	BID	id:	67370	date:	2014-05-14T00:42:00
db:	JVNDB	id:	JVNDB-2014-002486	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-251	date:	2014-05-15T00:00:00
db:	NVD	id:	CVE-2014-0526	date:	2024-11-21T02:02:19.147

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-68019	date:	2014-05-14T00:00:00
db:	VULMON	id:	CVE-2014-0526	date:	2014-05-14T00:00:00
db:	BID	id:	67370	date:	2014-05-13T00:00:00
db:	JVNDB	id:	JVNDB-2014-002486	date:	2014-05-15T00:00:00
db:	CNNVD	id:	CNNVD-201405-251	date:	2014-05-15T00:00:00
db:	NVD	id:	CVE-2014-0526	date:	2014-05-14T11:13:05.413